Previous Topic: Using the Policy Server as a RADIUS ServerNext Topic: Policy Server Administration Guide


Attributes and Expressions Reference

This section contains the following topics:

Data Types

Expression Syntax Overview

Pasting

Operators

Functions Available within Expressions

Data Types

All constant data is one of three main literal data types: strings, numbers, or Booleans. The string data type includes two sub-types: sets and LDAP distinguished names. The number data type includes one sub-type: dates. All functions and operations result in one of these types or their sub-types.

In addition to the literal data types, there are data types that function as variables:

Strings

Strings represent character data as a string of zero or more characters enclosed by a pair of single or double quotes. String values are constants that can be manipulated by the built-in operators and functions. For example, strings can be converted to another data type or concatenated.

Strings that start with an optional positive or negative sign and contain the characters "0" through "9" can be converted to number values. The strings "TRUE" and "YES" (or "true" and "yes") can be converted to the Boolean value TRUE. All other string values are converted to FALSE. Two strings can be concatenated. In concatenation, the beginning of the second string is joined to the end of the first string.

Sets and LDAP distinguished names (DNs) are special cases of the string data type. A set is a string of elements that are separated by the caret character, for example, 'element1^element2'. Each element in the set is a string.

An LDAP DN is a simple string that uniquely identifies an entry in an LDAP directory and whose format is defined by the LDAP specification.

Numbers

Numbers must be integers or whole numbers with an optional leading positive or negative sign. Four-byte integers are supported or whole numbers that range from -231 to 231. Decimal points are ignored. Number values are constants that can be manipulated by the built-in operators and functions. For example, numbers can be converted to another data type.

Numbers can be converted to strings that start with an optional negative sign and contain only the characters "0" through "9". Numbers can also be converted to Boolean values. Non-zero numbers are converted to TRUE; zero is converted to FALSE.

Dates are a special case of the number data type. They are represented as the number of seconds that have passed since January 1, 1970.

There are numerous functions that manipulate dates. For example, the DOW function accepts the numeric representation of a date and returns a number in the range 0-6 that corresponds to a day of the week. There are also functions that convert a date in string format to a number and a number representation of a date to a string.

Booleans

Booleans are one of two values: TRUE or FALSE. Boolean values are constants that can be compared and manipulated by the built-in operators and functions. For example, Booleans can be converted to another data type.

When a Boolean value is converted to a number value, TRUE is converted to 1, and FALSE is converted to 0. When a Boolean value is converted to a string value, TRUE is converted to "TRUE" and FALSE is converted to "FALSE".

User Attributes

User attributes have names and values. User attribute names are unquoted. User attribute values are strings and are quoted. User attribute names must conform to the following rules:

A user attribute name functions as a variable data type, not as a literal. When a user attribute name is encountered, the corresponding attribute value is retrieved from the user directory. When an attribute has multiple values, they are returned as a set. A set is a string of elements separated by the caret character, for example, 'value1^value2'. Each element in the set is a string.

Named Expressions

There are two types of named expressions: virtual user attributes and user classes.

Virtual user attributes differ from user attributes. Unlike user attributes, which are stored in the user directory as strings, virtual user attributes name expressions that are calculated at runtime and that result in a string, number, or Boolean value. Also unlike user attributes, virtual user attributes are read-only.

User classes are a special case of virtual user attributes. Like virtual user attributes, user classes name expressions that are calculated at runtime. Unlike virtual user attributes, user classes name expressions that test membership in a user group or directory and that result in a Boolean value only.

Both virtual user attribute names and user class names must conform to the following rules:

Note: Active expressions and named expressions are not the same. While both types of expressions are evaluated at run-time, they differ in the following ways:

Expression Syntax Overview

The syntax described in this appendix belongs to an internal CA SiteMinder® expression evaluator. You can use the data types, operators, and built-in functions that comprise this syntax in expressions, when you define Roles or Entitlements in the Administrative UI. An unnamed expression is local to the particular Role or Entitlement that you are defining, or you can use named expressions, which are defined globally.

Named expressions include virtual user attributes (whose names begin with #) and user classes (whose names begin with @).

A virtual user attribute calculates a value when the required information cannot be read directly from a user's directory entry. Virtual user attributes return a string, number, or Boolean value. For example, if you wanted to format name information so that it could be used frequently for sorting, you could define a virtual user attribute called #SortName in the user interface as follows:

UCase(RTrim(LastName + "," + FirstName + " " + Initial))

This example uses two built-in functions, UCASE and RTRIM. Note that these name are not case sensitive.

A user class is an expression that determines whether a user belongs to a particular category based on user type, such as a manager or an administrator. A user is either a member of a particular user class or not, so the result of a user class expression is always Boolean.

When you define a virtual user attribute or user class, you can specify that it is private, which means that it can only be called from other named expressions. Similarly, some of the built-in functions are designated as privileged functions, which means that they can only be called from within another named expression. Privileged functions are noted in the Remarks section as "Privileged". Functions that accept one or more LDAP Distinguished Names as parameters are noted in the Remarks section as "LDAP Only".

Pasting

Expressions can be stored as objects in the Policy Store, where they can be referenced by name from anywhere, including from other expressions. Any expression can pass values to a named expression through the placeholders %1 through %9 and the special placeholder %0. This is called pasting.

There are two types of named expressions: virtual user attributes and user classes. Virtual user attribute names start with a pound sign, and user class names start with an at sign. Both types of named expressions are followed by up to nine parameters. The syntax is similar to the syntax of a function:

#virtual_user_attribute(P1, P2, P3, P4, P5, P6, P7, P8, P9)
@user_class(P1, P2, P3, P4, P5, P6, P7, P8, P9)

When creating a named expression in the Policy Store, you can use built-in operators and functions, the literal data types, the placeholders, and other named expressions. Use the placeholders to pass variable data to the named expression. In the following example, the URL is updated during each iteration and thus, must be represented by the placeholder %1.

Example:

You can create a virtual attribute named #URLFile that accepts a URL and returns a filename:

#URLFile := { FIND(%1, '/')=0 ? %1 : #URLFile(AFTER(%1, '/')) }
Return_value=#URLFile('C:\My Documents\expression_syntax.doc')
Return_value='expression_syntax.doc'

In this example, the URL is passed to the built-in function FIND through the placeholder %1. FIND finds the first instance of "/" in the URL and returns its position. If "/" is not found, FIND returns 0 and #URLFile returns the filename. Otherwise, the URL is passed to the built-in function AFTER through the placeholder %1. AFTER returns that part of the URL that follows "/". The shortened URL is then passed to #URLFile. Recursion is supported.

The following table shows the values of the position and the URL at the completion of each iteration in this example:

Iteration

Position

URL

1

3

'My Documents\expression_syntax.doc'

2

16

'expression_syntax.doc'

When certain built-in functions, such as ENUMERATE or LOOP, call a named expression multiple times, once for each element in a set, the named expression must be created using the special placeholder %0. For example, you can create an expression named #RTrimset that removes trailing spaces from any number of set elements:

#RTrimset := RTrim(%0)

Then, you can pass a set to #RTrimset through the built-in function ENUMERATE:

Return_value=ENUMERATE('First_name     ^Middle_name    ^Last_name      ',#RTrimset)
Return_value='First_name^Middle_name^Last_name'

In this example, the set consists of three elements: the first, middle, and last names. ENUMERATE passes each name to #RTrimset. #RTrimset removes the trailing spaces and returns the shortened name to ENUMERATE. ENUMERATE includes each returned name in the resulting string and uses the caret character to separate them.

More information:

LOOP Function--Call a Virtual Attribute in a Loop

ENUMERATE Function--Test Set Elements

Operators

This topic lists all supported operators by category.

Comparative Operators

String Operators

Set Operators

Logical Operators

Arithmetic Operators

Miscellaneous Operator

Equality Operators

The equality operator (=) compares two values. If the values are equal, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are strings, the operation is case-sensitive.

The equality operator (~=) only compares string values and is not case-sensitive.

Examples:

1 = 1
Result = TRUE

1 = 2
Result = FALSE

"sparrow" = "SPARROW"
Result = FALSE

"sparrow" ~= "SPARROW"
Result = TRUE

More information:

Inequality Operators

Inequality Operators

The inequality operator (!=) compares two values. If the values are not equal, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are strings, the operation is case-sensitive.

The inequality operator (~!=) only compares string values and is not case-sensitive.

Examples:

1 != 1
Result = FALSE

1 != 2
Result = TRUE

"sparrow" != "SPARROW"
Result = TRUE

"sparrow" ~!= "SPARROW"
Result = FALSE

More information:

Equality Operators

Less-than Operators

The less-than operator (<) compares two values. If the first value is less than the second value, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are Boolean, TRUE is greater than FALSE. If the two values are strings, the operation is case-sensitive.

The less-than operator (~<) only compares string values and is not case-sensitive.

Examples:

1 < 2
Result = TRUE

2 < 1
Result = FALSE

'crow' < 'CROW'
Result = FALSE

'crow' ~< 'CROW'
Result = FALSE

More information:

Greater-than Operators

Greater-than Operators

The greater-than operator (>) compares two values. If the first value is greater than the second value, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are Boolean, TRUE is greater than FALSE. If the two values are strings, the operation is case-sensitive.

The greater-than operator (~>) only compares string values and is not case-sensitive.

Examples:

1 > 2
Result = FALSE

2 > 1
Result = TRUE

'crow' > 'CROW'
Result = TRUE

'crow' ~> 'CROW'
Result = FALSE

More information:

Less-than Operators

Less-than or Equal-to Operators

The less-than or equal-to operator (<=) compares two values. If the first value is less than or equal to the second value, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are Boolean, TRUE is greater than FALSE. If the two values are strings, the operation is case-sensitive.

The less-than or equal-to operator (~<=) only compares string values and is not case-sensitive.

Examples:

1 <= 2
Result = TRUE

2 <= 1
Result = FALSE

'junco' <= 'JUNCO'
Result = FALSE

'junco' ~<= 'JUNCO'
Result = TRUE

More information:

Greater-than or Equal-to Operators

Greater-than or Equal-to Operators

The greater-than or equal-to operator (>=) compares two values. If the first value is greater than or equal to the second value, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. If the two values are Boolean, TRUE is greater than FALSE. If the two values are strings, the operation is case-sensitive.

The greater-than or equal-to operator (~>=) only compares string values and is not case-sensitive.

Examples:

1 >= 2
Result = FALSE

2 >= 1
Result = TRUE

'junco' >= 'JUNCO'
Result = TRUE

'junco' ~>= 'JUNCO'
Result = TRUE

More information:

Less-than or Equal-to Operators

Begins-with Operators

The two begins-with operators (BEGINS_WITH and ~BEGINS_WITH) are designed to be used with string values. If the first string begins with the second string, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE.

The "BEGINS_WITH" operator is case-sensitive. The "~BEGINS_WITH" operator is not case-sensitive.

Examples:

'SiteMinder' BEGINS_WITH 'site'
Result = FALSE

'SiteMinder' ~BEGINS_WITH 'site'
Result = TRUE

Ends-with Operators

The two ends-with operators (ENDS_WITH and ~ENDS_WITH) are designed to be used with string values. If the first string ends with the second string, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE.

The "ENDS_WITH" operator is case-sensitive. The "~ENDS_WITH" operator is not case-sensitive.

Examples:

'SiteMinder' ENDS_WITH 'DER'
Result = FALSE

'SiteMinder' ~ENDS_WITH 'DER'
Result = TRUE

More information:

Begins-with Operators

Containment Operators

Containment Operators

The two containment operators (CONTAINS and ~CONTAINS) are designed to be used with string values. If the first string contains the second string, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE.

The "CONTAINS" operator is case-sensitive. The "~CONTAINS" operator is not case-sensitive.

Examples:

'SiteMinder' CONTAINS 'EMI'
Result = FALSE

'SiteMinder' ~CONTAINS 'EMI'
Result = TRUE

More information:

Begins-with Operators

Ends-with Operators

Set Inclusion Operators

The set inclusion operators (IN and ~IN) test whether the first operand, a string, is an element of the second operand, a set. If the string is an element of the set, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE.

The IN operator is case-sensitive. The ~IN operator is not case-sensitive.

Examples:

'MON' IN 'Sun^Mon^Tue^Wed^Thu^Fri^Sat'
Result = FALSE

'MON' ~IN 'Sun^Mon^Tue^Wed^Thu^Fri^Sat'
Result = TRUE

More information:

Set Union Operators

Set Intersection Operators

Pattern Matching Operator

The pattern matching operator LIKE compares a string value to a pattern of characters that is also a string, for example, 'abc' LIKE '???'. If the string value matches the pattern, the result of the operation is TRUE. Otherwise, the result of the operation is FALSE. The pattern matching operation is case-sensitive.

Patterns are created by combining single characters, character ranges, or both. Character ranges are specified by concatenating the first character in the range, a hyphen, and the last character in the range, for example, 0-9. Valid characters include numbers, uppercase and lowercase letters, and reserved characters that have special meanings. Character sets contain one or more characters, character ranges, or both and are enclosed by square brackets. For example, [0-9A-Za-z], [0-2ABC], and [789x-z] are all valid character sets.

Note: Character ranges are always part of a character set.

The following table lists the reserved characters and their meanings:

Character

Meaning

' or "

Specifies a string, such as 'abc' or "abc"

-

Specifies a range of characters, such as 0-9

?

Matches any single character

*

Matches any sequence of characters, including one or none

[set]

Matches any single character in the specified set

[!set] or [^set]

Matches any single character not in the specified set

[set]?

Matches any single character in the specified set or an empty string

[set]*

Matches any sequence of characters in the specified set, including one or none

\

Treats any reserved character as a regular character, such as \*

Examples that use '?'

'' LIKE '?'
Result = FALSE

'a' LIKE '?'
Result = TRUE

'ab' LIKE '?'
Result = FALSE

'abc' LIKE '???'
Result = TRUE

'191' LIKE '1??'
Result = TRUE

'201' LIKE '1??'
Result = FALSE

Examples that use '*'

'' LIKE '*'
Result = TRUE

'a' LIKE '*'
Result = TRUE

'a1b2c3' LIKE '*'
Result = TRUE

'robin' LIKE 'r*n'
Result = TRUE

'room' LIKE 'r*n'
Result = FALSE

Examples that use '[set]'

'' LIKE '[abcde]'
Result = FALSE

'f' LIKE '[abcde]'
Result = FALSE

'c' LIKE '[abcde]'
Result = TRUE

'abc' LIKE '[abcde]' Compare: 'abc' LIKE '[abcde]*'
Result = FALSE

Examples that use '[!set]' or '[^set]'

'' LIKE '[!abcde]'
Result = FALSE

'f' LIKE '[^abcde]'
Result = TRUE

'c' LIKE '[!abcde]'
Result = FALSE

'xyz' LIKE '[^abcde]'
Result = FALSE

Examples that use '[set]?'

'' LIKE '[abcde]?'
Result = TRUE

'a' LIKE '[abcde]?'
Result = TRUE

'ab' LIKE '[abcde]?'
Result = FALSE

'z' LIKE '[abcde]?'
Result = FALSE

Examples that use '[set]*'

'' LIKE '[abcde]*'
Result = TRUE

'a' LIKE '[abcde]*'
Result = TRUE

'aabbccddee' LIKE '[abcde]*'
Result = TRUE

'abcdef' LIKE '[abcde]*'
Result = FALSE

'abc' LIKE '[abcde]*' Compare: 'abc' LIKE '[abcde]'
Result = TRUE

Examples that use '\'

'123-456-7890' LIKE '[0-9][0-9][0-9]\-[0-9][0-9][0-9]\-[0-9][0-9][0-9][0-9]'
Result = TRUE

'_!_^_*_?_' LIKE '_\!_\^_\*_\?_'
Result = TRUE

Examples that test case-sensitivity

'a' LIKE '[a-z]'
Result = TRUE

'A' LIKE '[a-z]'
Result = FALSE

'A' LIKE '[A-Za-z]'
Result = TRUE

'Robin' LIKE '[A-Za-z]*'
Result = TRUE

'Robin' LIKE '[A-Z][a-z]*'
Result = TRUE

'robin' LIKE '[A-Z][a-z]*'
Result = FALSE

Set Intersection Operators

The set intersection operators (INTERSECT and ~INTERSECT) compare two sets. Sets are strings of elements separated by the caret character. The resulting set is a string that contains only those elements present in both sets. The INTERSECT operator is case-sensitive. The ~INTERSECT operator is not case-sensitive.

Important! The sequence of elements in the resulting set is not predictable. When the operation is not case-sensitive, the case of elements in the resulting set is also not predictable.

Examples:

'BLUE JAY^ORIOLE^WREN' INTERSECT 'BLUE JAY^wren'
Result = 'BLUE JAY'

'BLUE JAY^ORIOLE^WREN' ~INTERSECT 'BLUE JAY^wren'
Result = 'BLUE JAY^WREN'

More information:

Set Union Operators

Set Inclusion Operators

Set Union Operators

The set union operator (UNION) returns a set containing all unique elements of the two operand sets (the union of the two sets). Duplicate elements are removed.

If the tilde character (~) precedes the UNION operator (~UNION), then two elements that differ only in case are considered identical.

Important! The sequence of the resulting set is not predictable. Also, if the ~UNION operator is specified, the case of a resulting intersecting element is not predictable.

Examples:

"JUAN^BART^CHUCK" UNION "CHUCK^Bart"
Result = "JUAN^BART^CHUCK^Bart"

"JUAN^BART^CHUCK" ~UNION "CHUCK^Bart"
Result = "JUAN^BART^CHUCK"

"JUAN^BART^JUAN^CHUCK" UNION "JUAN^BART^JUAN^CHUCK"
Result = "JUAN^BART^CHUCK"

More information:

Set Inclusion Operators

Set Intersection Operators

NOT Operator

The NOT operator takes a single Boolean operand and reverses its value. It changes FALSE to TRUE and TRUE to FALSE. Note that this operator is usually used to reverse the result of a comparison operator.

Examples:

NOT ("SiteMinder" ENDS_WITH "R")
Result = TRUE

NOT ("SiteMinder " ~ENDS_WITH "R")
Result = FALSE

More information:

AND Operator

OR Operator

Exclusive OR Operator

AND Operator

The AND operator (also written & and &&) takes two Boolean operands and returns TRUE if both operands are TRUE. Note that this operator is usually used to connect two comparisons.

The evaluator does not evaluate the second Boolean operand if the first one is FALSE (since the result must be FALSE).

Examples:

(1 > 2) AND ("JUAN" ~= "JUAN")
Result = FALSE

(1 < 2) AND ("JUAN" ~= "JUAN")
Result = TRUE

More information:

NOT Operator

OR Operator

Exclusive OR Operator

OR Operator

The OR operator (also written | or ||) takes two Boolean operands and returns TRUE if either operand is TRUE. Note that this operator is usually used to connect two comparisons.

The evaluator does not evaluate the second Boolean operand if the first one is TRUE (since the result must be TRUE already).

Examples:

(1 > 2) OR ("JUAN" ~= "JUAN")
Result = TRUE

(1 < 2) OR ("JUAN" ~= "JUAN")
Result = TRUE

More information:

NOT Operator

AND Operator

Exclusive OR Operator

Exclusive OR Operator

The exclusive OR (XOR) operator takes two Boolean operands and returns TRUE if either operand is TRUE, but not both. This operator is usually used to connect two comparisons.

Examples:

(1 > 2) XOR ("JUAN" ~= "JUAN")
Result = TRUE

(1 < 2) XOR ("JUAN" ~= "JUAN")
Result = FALSE

More information:

NOT Operator

AND Operator

OR Operator

String Concatenation Operator

The string concatenation operator (+) returns a string that contains the combination of its two string operands.

If the first operand is a string, but the second is a number or a Boolean, the second operand is converted to a string. If the first operand is a number, the operator (+) indicates arithmetic addition, not concatenation.

Examples:

"JUAN" + " " + "Jones"
Result = "JUAN Jones"

"JUAN" + 2
Result = "JUAN2"

Arithmetic Addition Operator

The arithmetic addition (+) operator returns the sum of two numeric operands.

If the first operand is a number, but the second is a string or a Boolean, the second operand is converted to a number.

Examples:

1 + 2
Result = 3

1 + "JUAN"
Result = 1

1 + "32JUAN"
Result = 33

More information:

Arithmetic Subtraction Operator

Arithmetic Multiplication Operator

Arithmetic Division Operator

Arithmetic Subtraction Operator

The arithmetic subtraction (-) operator returns the difference between two numeric operands.

If the first operand is a number, but the second is a string or a Boolean, the second operand is converted to a number.

Examples:

1 - 2
Result = -1

1 - "JUAN"
Result = 1

100 - "32JUAN"
Result = 68

More information:

Arithmetic Addition Operator

Arithmetic Multiplication Operator

Arithmetic Division Operator

Arithmetic Multiplication Operator

The arithmetic multiplication (*) operator returns the product of two operands.

If the first operand is a number, but the second is a string or a Boolean, the second operand is converted to a number.

Examples:

1 * 2
Result = 2

1 * "JUAN"
Result = 0

100 * "32JUAN"
Result = 3200

More information:

Arithmetic Addition Operator

Arithmetic Subtraction Operator

Arithmetic Division Operator

Arithmetic Division Operator

The arithmetic division operator (/) returns the quotient of two operands.

If the first operand is a number, but the second is a string or a Boolean, the second operand is converted to a number.

All division is integer division.

Note: Division by zero, which is arithmetically undefined, always results in an error in this environment.

Examples:

1 / 2
Result = 0

1 / "JUAN"
Result = 0

100 / "32JUAN"
Result = 3

More information:

Arithmetic Addition Operator

Arithmetic Subtraction Operator

Arithmetic Multiplication Operator

Conditional Operator

The conditional operator evaluates a Boolean expression (the first operand) and based on the result returns one of two other operands.

If the Boolean operand is TRUE, the result of the operator is the second operand (the THEN clause), otherwise the third operand is returned (the ELSE clause). The second and the third operand must be the same type.

Only one clause of this operator is ever evaluated. In other words, if the THEN clause (operand) is evaluated, the ELSE clause (operand) is not evaluated. (And the opposite is also true.)

Examples:

"JUAN" = "juan" ? "YES" : "NO"
Result = "NO"

"JUAN" ~= "juan" ? "YES" : "NO"
Result = "YES"

Indexing Operator

The indexing operator takes two arguments: a set and a number (the index). The set is broken into components and the component corresponding to the specified index is returned (like a traditional array). If the index is out of range, a blank string is returned.

The first element in the set is at index zero (0).

Examples:

"Sun^Mon^Tue^Wed^Thu^Fri^Sat"[2]
Result = "Tue"

"Sun^Mon^Tue^Wed^Thu^Fri^Sat"[0]
Result = "Sun"

Functions Available within Expressions

This topic lists all of the functions by area of utility.

Numeric Functions

String Functions

Set Functions

Date Functions

Conversion Functions

Generic User Directory I/O Functions

LDAP Functions

URL/Path Handling Functions

Logging Functions

File I/O Functions

Error Handling Functions

Miscellaneous Functions

ABOVE Function--Is User Above Specified LDAP DN

The ABOVE function returns a TRUE if the specified user (user_DN) exists within a container that is above the specified container (root_DN).

Syntax

The ABOVE function has the following format:

ABOVE(root_DN, user_DN)

Parameters

The ABOVE function accepts the following parameters:

root_DN (string)

user_DN (string)

Return Value

The ABOVE function returns a Boolean value.

Remarks

LDAP Only: Yes

More information:

AT Function--Is User at Specified LDAP DN

BELOW Function--Is User Below Specified LDAP DN

ABS Function--Find the Absolute Value

The ABS function finds the absolute value of a number.

Syntax

The ABS function has the following format:

ABS(number)

Parameters

The ABS function accepts the following parameter:

number (number)

Return Value

The ABS function returns a number.

Example

Return_value=ABS(3)
Return_value=3

Return_value=ABS(-2)
Return_value=2

AFTER Function--Find a String

The AFTER function finds the specified instance of a search string in a source string and returns that part of the source string that follows the search string. If the search string is not found, then the AFTER function returns a blank string.

Syntax

The AFTER function has the following format:

AFTER(source_string, search_string[, not_case_sensitive][, n])

Parameters

The AFTER function accepts the following parameters:

source_string (string)

search_string (string)

not_case_sensitive (Boolean)

(Optional) Specifies case sensitivity. If the not_case_sensitive flag is omitted or set to FALSE, the function searches the source string for an exact match. If the not_case_sensitive flag is set to TRUE, the function ignores case.

n (number)

(Optional) Specifies the instance of the search string in the source string. If n is set to zero or one or omitted, the function finds the first instance of the search string. Otherwise, the function finds the nth instance of the search string. If n is negative, the function begins the search at the end of the source string.

Return Value

The AFTER function returns a string.

Example

Return_value=AFTER('EricEric', 'r')
Return_value='icEric'

Return_value=AFTER('EricEric', 'R')
Return_value=''

Return_value=AFTER('EricEric', 'R', TRUE)
Return_value='icEric'

Return_value=AFTER('EricEric', 'r', -1)
Return_value='ic'

Return_value=AFTER('EricEric', 'R', -1)
Return_value=''

Return_value=AFTER('EricEric', 'R', TRUE, -1)
Return_value='ic'

Return_value=AFTER('EricEric', 'r', 2)
Return_value='ic'

Return_value=AFTER('EricEric', 'R', 2)
Return_value=''

Return_value=AFTER('EricEric', 'R', TRUE, 2)
Return_value='ic'

More information:

BEFORE Function--Find a String

FIND Function--Return Position in String

ALL Function--All Bits Set

The ALL function accepts two numbers and returns a TRUE if all of the bits that are set in the second number are also set in the first number.

Syntax

The ALL function has the following format:

ALL(number1, number2)

Parameters

The ALL function accepts the following parameters:

number1 (number)

number2 (number)

Return Value

The ALL function returns a Boolean value.

Example

Return_value=ALL(7, 2)
Return_value=TRUE

Return_value=ALL(7, 15)
Return_value=FALSE

More information:

ANY Function--Any Bits Set

ANDBITS Function--Perform a Bitwise AND Operation

The ANDBITS function performs a bitwise AND operation on two numbers.

Syntax

The ANDBITS function has the following format:

ANDBITS(number1,number2)

Parameters

The ANDBITS function accepts the following parameters:

number1 (number)

number2 (number)

Return Value

The ANDBITS function returns a number.

Example

Return_value=ANDBITS(7,2)
Return_value=2

Return_value=ANDBITS(7,15)
Return_value=7

More information:

ORBITS Function--Perform a Bitwise OR Operation

XORBITS Function--Perform a Bitwise XOR Operation

NOTBITS Function--Perform a Bitwise NOT

ANY Function--Any Bits Set

The ANY function accepts two numbers and returns a TRUE if any of the bits that are set in the second number are also set in the first number.

Syntax

The ANY function has the following format:

ANY(number1, number2)

Parameters

The ANY function accepts the following parameters:

number1 (number)

number2 (number)

Return Value

The ANY function returns a Boolean value.

Example

Return_value=ANY(7, 2)
Return_value=TRUE

Return_value=ANY(7, 15)
Return_value=TRUE

More information:

ALL Function--All Bits Set

AT Function--Is User at Specified LDAP DN

The AT function returns a TRUE if the specified user (user_DN) exists within the specified container (root_DN).

Syntax

The AT function has the following format:

AT(root_DN, user_DN)

Parameters

The AT function accepts the following parameters:

root_DN (string)

user_DN (string)

Return Value

The AT function returns a Boolean value.

Remarks

LDAP Only: Yes

BEFORE Function--Find a String

The BEFORE function finds the specified instance of a search string in a source string and returns that part of the source string that precedes the search string. If the search string is not found, then the BEFORE function returns the entire source string.

Syntax

The BEFORE function has the following format:

BEFORE(source_string, search_string[, not_case_sensitive][, n])

Parameters

The BEFORE function accepts the following parameters:

source_string (string)

search_string (string)

not_case_sensitive (Boolean)

Specifies case sensitivity. If the not_case_sensitive flag is set to FALSE or omitted, the BEFORE function searches the source string for an exact match. If the not_case_sensitive flag is set to TRUE, the function ignores case.

n (number)

Specifies the instance of the search string in the source string. If n is set to zero or one or omitted, the BEFORE function finds the first instance of the search string. Otherwise, the function finds the nth instance of the search string. If n is negative, the function begins the search at the end of the source string.

Return Value

The BEFORE function returns a string.

Example

Return_value=BEFORE('EricEric', 'r')
Return_value='E'

Return_value=BEFORE('EricEric', 'R')
Return_value='EricEric'

Return_value=BEFORE('EricEric', 'R', TRUE)
Return_value='E'

Return_value=BEFORE('EricEric', 'r', -1)
Return_value='EricE'

Return_value=BEFORE('EricEric', 'R', -1)
Return_value='EricEric'

Return_value=BEFORE('EricEric', 'R', TRUE, -1)
Return_value='EricE'

Return_value=BEFORE('EricEric', 'r', 2)
Return_value='EricE'

Return_value=BEFORE('EricEric', 'R', 2)
Return_value='EricEric'

Return_value=BEFORE('EricEric', 'R', TRUE, 2)
Return_value='EricE'

More information:

AFTER Function--Find a String

FIND Function--Return Position in String

BELOW Function--Is User Below Specified LDAP DN

The BELOW function returns a TRUE if the specified user (user_DN) exists within a container that is below the specified container (root_DN)

Syntax

The BELOW function has the following format:

BELOW(root_DN, user_DN)

Parameters

The BELOW function accepts the following parameters:

root_DN (string)

user_DN (string)

Return Value

The BELOW function returns a Boolean value.

Remarks

LDAP Only: Yes

More information:

ABOVE Function--Is User Above Specified LDAP DN

AT Function--Is User at Specified LDAP DN

BOOLEAN Function--Convert to "TRUE" or "FALSE"

The BOOLEAN function converts a number or string value to a string value of either "TRUE" or "FALSE". Numeric values of zero are converted to "FALSE". All other numeric values are converted to "TRUE". String values of "true" or "yes" are converted to "TRUE". All other string values are converted to "FALSE". The BOOLEAN function is not case-sensitive.

Syntax

The BOOLEAN function has the following format:

BOOLean(number | string)

Parameters

The BOOLEAN function accepts either one of the following two parameters:

number (number)

string (string)

Return Value

The BOOLEAN function returns one of the following string values:

Example

Return_value=BOOLEAN('Phoebe')
Return_value="FALSE"

Return_value=BOOLEAN('Yes')
Return_value="TRUE"

Return_value=BOOLEAN(123)
Return_value="TRUE"

Return_value=BOOLEAN(0)
Return_value="FALSE"

More information:

NUMBER Function--Convert to a Numeric Value

STRING Function--Convert to a String

CHAR Function--Convert an ASCII Value

The CHAR function converts the specified ASCII value to a one-character string.

Syntax

The CHAR function has the following format:

CHaR(ASCII_value)

Parameters

The CHAR function accepts the following parameter:

ASCII_value (number)

Specifies the ASCII value. If the ASCII_value is zero, the function returns an empty string. If the ASCII_value is greater than 255, the function converts the modulus 256 of the ASCII_value to a one-character string.

Note: Performing a modulus 256 on a value is equivalent to performing a bitwise AND with 255.

Return Value

The CHAR function returns a one-character string.

Example

Return_value=CHAR(0)
Return_value=''

Return_value=CHAR(36)
Return_value='$'

Return_value=CHAR(299)
Return_value='+'

CENTER Function--Pad a Source String

The CENTER function pads both ends of a source string with a specified character until the resulting string is a specified length. If the padding is uneven, the function adds an extra character to the end of the string.

Syntax

The CENTER function has the following format:

CENTER(source, length[, padding])

Parameters

The CENTER function accepts the following parameters:

source (string or number)

Specifies the source string. The function automatically converts a number to a string.

length (number)

Specifies the length of the resulting string.

padding (string)

(Optional) Specifies the character that the function uses to pad the source string.

Return Value

The CENTER function returns a string.

Example

Return_value=CENTER('Robin', 9, '*')
Return_value='**Robin**'

Return_value=CENTER('Robin', 7, 'ooo')
Return_value='oRobino'

Return_value=CENTER('Robin', 7, '')
Return_value='Robin'

Return_value=CENTER('Robin', 11)
Return_value='   Robin'

Return_value=CENTER(123, 9)
Return_value='000123000'

More information:

LPAD Function--Pad a Source String on the Left

RPAD Function--Pad a String on the Right

COMMONDN Function--Find a Common Root

The COMMONDN function returns the common root of two LDAP distinguished names (DNs) without calling an LDAP server.

Syntax

The COMMONDN function has the following format:

COMMONDN(ldapdn1, ldapdn2)

Parameters

The COMMONDN function accepts the following parameters:

ldapdn1 (string)

Specifies an LDAP distinguished name (DN).

ldapdn2 (string)

Specifies an LDAP distinguished name (DN).

Note: If either ldapdn1 or ldapdn2 is not a valid LDAP DN or if the two DNs do not share a common root, the function returns an empty string. An LDAP DN is not case-sensitive.

Return Value

The COMMONDN function returns a string.

Remarks

LDAP Only: Yes

Example

Return_value=COMMONDN('uid=Vincent,o=NDS.com', 'ou=People,o=nds.com')
Return_value='o=NDS.com'

More information:

PARENTDN Function--Retrieve Parent in LDAP Tree

EXPLODEDN Function--Convert LDAP DN to Set

RDN Function--Retrieve First Component of LDAP DN

RELATIONDN Function--Compare Two Distinguished Names

COUNT Function--Count the Elements in a Set

The COUNT function counts the number of elements in a set.

Syntax

The COUNT function has the following format:

COUNT(set[, case_sensitive])

Parameters

The COUNT function accepts the following parameters:

set (string)

Specifies a string of elements that are separated by the caret character: 'element1^element2'. Each element is a string.

case_sensitive (Boolean)

(Optional) Specifies case sensitivity.

Return Value

The COUNT function returns a number.

Example

Return_value=COUNT('phoebe^PHOEBE^robin^robin')
Return_value=4

Return_value=COUNT('phoebe^PHOEBE^robin^robin', FALSE)
Return_value=2

Return_value=COUNT('phoebe^PHOEBE^robin^robin', TRUE)
Return_value=3

More information:

ENUMERATE Function--Test Set Elements

FILTER Function--Test Set Elements

SORT Function--Sort a Set

DATE Function--Set to Midnight (form 1)

The DATE function (form 1) accepts a numeric representation of date and time and sets the time to midnight on the specified date.

Syntax

The DATE function (form 1) has the following format:

DATE(date_time)

Parameters

The DATE function (form1) accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If date_time is not a valid representation of date and time, the function returns -1.

Return Value

The DATE function (form1) returns a number.

More information:

DATEFROMSTRING Function--Convert String to Number

DATETOSTRING Function--Convert Number to String

DATE Function--Convert Year, Month, Day, Hours, Minutes, and Seconds (form 2)

DATE Function--Convert Year, Month, Day, Hours, Minutes, and Seconds (form 2)

The DATE function (form 2) accepts six numbers that represent the year, month, day, hours, minutes, and seconds and converts them to a numeric representation of date and time. Date and time are represented numerically as the number of seconds that have passed since January 1, 1970. If the three time parameters are omitted, the function sets the time to midnight on the specified date.

Syntax

The DATE function (form 2) has the following format:

DATE(year, month, day[, hours, minutes, seconds])

Parameters

The DATE function (form 2) accepts the following parameters:

year (number)

Specifies a four-digit representation of the year.

Example: 2007

month (number)

Specifies the month.

Range: 1-12

day (number)

Specifies the day.

Range: 1-31

hours (number)

(Optional) Specifies the number of hours.

Range: 0-23

minutes (number)

(Optional) Specifies the number of minutes.

Range: 0-59

seconds (number)

(Optional) Specifies the number of seconds.

Range: 0-59

Return Value

The DATE function (form 2) returns a number.

More information:

DATE Function--Set to Midnight (form 1)

DATEFROMSTRING Function--Convert String to Number

DATETOSTRING Function--Convert Number to String

DATEFROMSTRING Function--Convert String to Number

The DATEFROMSTRING function accepts a string representation of a date, a time, or both and converts the string to a numeric representation. Date and time are represented numerically as the number of seconds that have passed since January 1, 1970.

Syntax

The DATEFROMSTRING function has the following format:

DATEFROMSTRING(date_time[, format_string])

Parameters

The DATEFROMSTRING function accepts the following parameters:

date_time (string)

format_string (string)

(Optional) Specifies the format of date_time. For example, the format_string "YYYYMMDD" specifies the format of "20020223." If the format_string is omitted, the function uses the default format of "YYYYMMDDhhmmss." If date_time is invalid, the function returns -1.

Return Value

The DATEFROMSTRING function returns a number.

Example

Return_value=DATEFROMSTRING('20020223')
Return_value=1024804800

More information:

DATE Function--Set to Midnight (form 1)

DATETOSTRING Function--Convert Number to String

DATE Function--Convert Year, Month, Day, Hours, Minutes, and Seconds (form 2)

DATETOSTRING Function--Convert Number to String

The DATETOSTRING function accepts a numeric representation of a date, a time, or both and converts the number to a string representation.

Syntax

The DATETOSTRING function has the following format:

DATETOSTRING(date_time[, format_string])

Parameters

The DATETOSTRING function accepts the following parameters:

date_time (number)

Specifies a date, a time, or both as the number of seconds that have passed since January 1, 1970. If the date_time is invalid, the function returns the value "INVALID DATE".

format_string (string)

(Optional) Specifies the format of a date, a time, or both in the resulting string using the format codes listed in the table. Any characters or character combinations not listed in the table are inserted in the resulting string as is. If the format_string is omitted, the function formats the resulting string using the date and time representation appropriate for the locale that is currently stored in the Policy Server. The format codes and resulting formats are:

Code

Resulting Format

%a

Abbreviated weekday name (English)

%A

Full weekday name (English)

%b

Abbreviated month name (English)

%B

Full month name (English)

%c

Date and time representation appropriate for current locale

%#c

Long date and time representation appropriate for current locale

%d

Day of month as decimal number (01-31)

%H

Hour in 24-hour format (00-23)

%I

Hour in 12-hour format (01-12)

%j

Day of year as decimal number (001-366)

%m

Month as decimal number (01-12)

%M

Minute as decimal number (00-59)

%P

Local am and pm indicator for 12-hour clock

%S

Second as decimal number (00-59)

%U

Week of year as decimal number with Sunday as first day of week (00-53)

%w

Weekday as decimal number (0-6 with Sunday as 0)

%W

Week of year as decimal number with Monday as first day of week (00-53)

%x

Date representation appropriate for current locale

%#x

Long date representation appropriate for current locale

%X

Time representation appropriate for current locale

%y

Year without century as decimal number (00-99)

%Y

Year with century as decimal number

%z, %Z

Time-zone name or abbreviation if known

%%

Percent sign

Note: The pound sign modifies the meaning of the format codes, as follows.

Return Value

The DATETOSTRING function returns a string.

Example

Return_value=DATETOSTRING(1024804800, '%Y%m%d')
Return_value='20020223'

Return_value=DATETOSTRING(1024804800, '%Y%#m%#d')
Return_value='2002223'

More information:

DATE Function--Set to Midnight (form 1)

DATEFROMSTRING Function--Convert String to Number

DATE Function--Convert Year, Month, Day, Hours, Minutes, and Seconds (form 2)

DAY Function--Return Day of Month

The DAY function accepts a numeric representation of date and time and returns the number corresponding to the day of the month.

Syntax

The DAY function has the following format:

DAY(date_time)

Parameters

The DAY function accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If the date is invalid, the function returns -1.

Return Value

The DAY function returns a number from 1 to 31.

Example

Return_value=DAY(1024804800)
Return_value=23

More information:

DOW Function--Return Day of Week

DOY Function--Return Day of Year

DOW Function--Return Day of Week

The DOW function accepts a numeric representation of date and time and returns a number corresponding to the day of the week.

Syntax

The DOW function has the following format:

DOW(date_time)

Parameters

The DOW function accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If the date is invalid, the function returns -1.

Return Value

The DOW function returns a number from 0 (Sunday) to 6 (Saturday).

Example

Return_value=DOW(1024804800)
Return_value=0

More information:

DAY Function--Return Day of Month

DOY Function--Return Day of Year

DOY Function--Return Day of Year

The DOY function accepts a numeric representation of date and time and returns a number corresponding to the day of the year.

Syntax

The DOY function has the following format:

DOY(date_time)

Parameters

The DOY function accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If the date is invalid, the function returns -1.

Return Value

The DOY function returns a number from 1 to 366.

Example

Return_value=DOY(1024804800)
Return_value=173

More information:

DAY Function--Return Day of Month

DOW Function--Return Day of Week

ENUMERATE Function--Test Set Elements

The ENUMERATE function passes each element in the specified set to the named expression specified by the parameter #virtual_user_attribute or @user_class using pasting. If the named expression returns a value, the element is included in the resulting string.

Syntax

The ENUMERATE function has the following format:

ENUMERATE(set, #virtual_user_attribute | @user_class)

Parameters

The ENUMERATE function accepts the following parameters:

set (string)

Specifies a string of elements that are separated by the caret character: 'element1^element2'. Each element is a string.

#virtual_user_attribute (named expression)

Specifies a named expression that calculates a user attribute.

@user_class (named expression)

Specifies a named expression that tests for membership in a user directory or group.

Return Value

The ENUMERATE function returns a string or integer depending on the attribute type that the function expects.

Example 1

Virtual User Attribute #GetCN set to RDN( STRING(%0),FALSE)

ENUMERATE(SM_USERGROUPS, #GetCN)

Example 2

ENUMERATE(SM_USERGROUPS, STRING(RDN(%0, FALSE)))



More information:

LOOP Function--Call a Virtual Attribute in a Loop

COUNT Function--Count the Elements in a Set

FILTER Function--Test Set Elements

SORT Function--Sort a Set

Pasting

ERROR Function--Write Error Message to Console Log

The ERROR function writes the specified error message to CA SiteMinder®'s Console Log.

Syntax

The ERROR function has the following format:

ERROR(error_message)

Parameters

The ERROR function accepts the following parameter:

error_message (string)

Return Value

The ERROR function returns an empty string. When used in a Boolean context, the ERROR function returns the value TRUE.

Remarks

Priviledged: Yes

Example

Return_value=ERROR('Invalid Access')
Return_value=''

More information:

TRACE Function--Write Trace Entry to Console Log

INFO Function--Write INFO Message to Console Log

WARNING Function--Write WARNING Message to Console Log

EVALUATE Function--Evaluate an Expression

The EVALUATE function evaluates an expression in the context of the current user and returns the result as a string. If an optional user path is provided, the function evaluates the expression in the context of the specified user.

Syntax

The EVALUATE function has the following format:

EVALUATE(expression)

Parameters

The EVALUATE function accepts the following parameters:

expression (string)

Specifies the expression to be evaluated.

Return Value

The EVALUATE function returns a string.

Remarks

Privileged: Yes

Example

Return_value=EVALUATE("sn + ',' + givenname")
Return_value="Hood, Robin"

EXISTS Function--Look Up File Name

The EXISTS function looks up the specified file and returns a TRUE if the file exists. Otherwise, the function returns a FALSE.

Syntax

The EXISTS function has the following format:

EXISTS(filename)

Parameters

The EXISTS function accepts a filename.

filename (string)

Return Value

The EXISTS function returns a Boolean value.

Remarks

Privileged: Yes

Example

Return_value=EXISTS('SmUtilities.dll')
Return_value=TRUE

More information:

KEY Function--Look Up Key

EXPLODEDN Function--Convert LDAP DN to Set

The EXPLODEDN function converts an LDAP distinguished name (DN) to a set without calling an LDAP server.

Syntax

The EXPLODEDN function has the following format:

EXPLODED(ldapdn[, remove_attribute_names])

Parameters

The EXPLODEDN function accepts the following parameters:

ldapdn (string)

Specifies an LDAP distinguished name (DN).

remove_attribute_names (Boolean)

(Optional) Specifies the remove_attribute_names flag. If the flag is TRUE, the function removes the attribute names from the LDAP distinguished name (DN).

Return Value

The EXPLODEDN function returns a string of elements that are separated by the caret character: 'element1^element2'. Each element is a string.

Remarks

LDAP Only: Yes

Example

Return_value=EXPLODEDN('uid=hawk,o=NDS.com', FALSE)
Return_value='uid=hawk^o=NDS.com'

Return_value=EXPLODEDN('uid=hawk,o=NDS.com', TRUE)
Return_value='hawk^NDS.com'

More information:

COMMONDN Function--Find a Common Root

PARENTDN Function--Retrieve Parent in LDAP Tree

RDN Function--Retrieve First Component of LDAP DN

RELATIONDN Function--Compare Two Distinguished Names

FILTER Function--Test Set Elements

The FILTER function compares each element in the specified set to the specified pattern and returns a new set containing only the elements that match the pattern. If the optional NOT operator is included, the FILTER function returns a new set containing only the elements that do not match the pattern.

Syntax

The FILTER function has the following format:

FILTER(set, [NOT ]pattern)

Parameters

The FILTER function accepts the following parameters:

set (string)

Specifies a string of elements that are separated by the caret character: 'element1^element2'. Each element is a string.

pattern (string)

Specifies a pattern of characters. A pattern can include single characters, ranges of characters, or both. A range of characters is expressed as two characters separated by a hyphen. The following are examples of valid character ranges: 0-9, a-z, and A-Z. The pattern parameter can also include characters that are reserved and have special meanings. The reserved characters are:

Character

Meaning

?

Matches any single character

*

Matches any sequence of characters, including one or none

[set]

Matches any single character in the specified set

[!set] or [^set]

Matches any single character not in the specified set

\

Treats any reserved character as a regular character, such as \*

NOT (operator)

(Optional) If the NOT operator is included, the function returns a new set containing only the elements that do not match the pattern.

Return Value

The FILTER function returns a string of elements separated by the caret character: 'element1^element2'. Each element is a string.

Example

Return_value=FILTER('Faith^Earl^Emilie^Fred', 'E*')
Return_value='Earl^Emilie'

Return_value=FILTER('Faith^Earl^Emilie^Fred', NOT 'E*')
Return_value='Faith^Fred'

More information:

COUNT Function--Count the Elements in a Set

ENUMERATE Function--Test Set Elements

SORT Function--Sort a Set

FIND Function--Return Position in String

The FIND function finds the specified instance of the search string in the source string and returns its position. If the search string is not found, then the function returns a zero.

Syntax

The FIND function has the following format:

FIND(source_string, search_string[, not_case_sensitive][, n])

Parameters

The FIND function accepts the following parameters:

source_string (string)

search_string (string)

not_case_sensitive (Boolean)

(Optional) Specifies case sensitivity. If the not_case_sensitive flag is omitted or set to FALSE, the function searches the source string for an exact match. If the not_case_sensitive flag is set to TRUE, the FIND function ignores case.

n (number)

(Optional) Specifies the instance of the search string in the source string. If n is set to zero or one or omitted, the function finds the first instance of the search string. Otherwise, the function finds the nth instance of the search string. If n is negative, the function begins the search at the end of the source string.

Return Value

The FIND function returns a number.

Example

Return_value=FIND('PhoebePhoebe', 'oe', FALSE, 1)
Return_value=3

Return_value=FIND('PhoebePhoebe', 'OE', FALSE, 1)
Return_value=0

Return_value=FIND('PhoebePhoebe', 'OE', TRUE, 1)
Return_value=3

Return_value=FIND('PhoebePhoebe', 'oe', FALSE, -1)
Return_value=9

Return_value=FIND('PhoebePhoebe', 'OE', FALSE, -1)
Return_value=0

Return_value=FIND('PhoebePhoebe', 'OE', TRUE, -1)
Return_value=9

Return_value=FIND('PhoebePhoebe', 'oe', FALSE, 2)
Return_value=9

Return_value=FIND('PhoebePhoebe', 'OE', FALSE, 2)
Return_value=0

Return_value=FIND('PhoebePhoebe', 'OE', TRUE, 2)
Return_value=9

More information:

AFTER Function--Find a String

BEFORE Function--Find a String

GET Function--Locate Attributes in a User Directory

The GET function locates the specified attribute or attributes in a user directory and returns the attribute values. Multiple attribute values are separated by the caret character. If the function cannot find an attribute, it returns an empty string.

Syntax

The GET function has the following format:

GET(user_attribute_name | user_attributes_string)

Parameters

The GET function accepts one of the following parameters:

user_attribute_name (unquoted string)

Specifies a single user attribute.

user_attributes_string (string)

Specifies a string of user attribute names separated by a character. The function uses this character to separate one attribute's values from another attribute's values in the resulting string.

Return Value

The GET function returns a string.

Remarks

Privileged: Yes

LDAP Only: Yes

Example

Return_value=GET('sn,givenname')
Return_value='Finch,Robin'

More information:

SET Function--Set the Value of an Attribute

HEX Function--Convert to Hexadecimal

The HEX function converts a decimal number to a hexadecimal number and returns it as a string.

Syntax

The HEX function has the following format:

HEX(decimal_number)

Parameters

The HEX function accepts the following parameter:

decimal_number (number)

Return Value

The HEX function returns a string.

Example

Return_value=HEX(16)
Return_value='10'

HOUR Function--Convert to Hour

The HOUR function converts the specified date and time to an hour from 1 to 12.

Syntax

The HOUR function has the following format:

HOUR(date_time)

Parameters

The HOUR function accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If date_time is not a valid representation of date and time, the function returns -1.

Return Value

The HOUR function returns a number from 1 to 12.

More information:

HOUR24 Function--Convert to Hour

HOUR24 Function--Convert to Hour

The HOUR24 function converts the specified date and time to an hour from 0 to 23.

Syntax

The HOUR24 function has the following format:

HOUR24(date_time)

Parameters

The HOUR24 function accepts the following parameter:

date_time (number)

Specifies the date and time as the number of seconds that have passed since January 1, 1970. If date_time is not a valid representation of date and time, the function returns -1.

Return Value

The HOUR24 function returns a number from 0 to 23.

More information:

HOUR Function--Convert to Hour

INFO Function--Write INFO Message to Console Log

The INFO function writes the string argument to the CA SiteMinder® Console Log as an INFO message.

Syntax

The INFO function has the following format:

INFO(source_string)

Parameters

The INFO function accepts the following parameter:

source_string (string)

Return Value

The INFO function returns a Boolean, always TRUE.

Example

Return_value=INFO("86% Complete")
Return_value=TRUE

More information:

ERROR Function--Write Error Message to Console Log

TRACE Function--Write Trace Entry to Console Log

WARNING Function--Write WARNING Message to Console Log

KEY Function--Look Up Key

The KEY function looks up the specified key name in the specified application section of the specified file and returns a key value. If the key, application, or file is not found, then the KEY function returns an empty string.

Syntax

The KEY function has the following format:

KEY(filename, [application_name, ]key_name)

Parameters

The KEY function accepts the following parameters:

filename (string)

Specifies the file. In the specified file, comment lines start with a semicolon, pound sign, or two forward slashes. Comment lines, blank lines, and leading and trailing spaces are ignored.

application_name (string)

(Optional) Specifies the name of the application section. In the specified file, application names are enclosed by square brackets and specify the beginning of an application section: [application_name]. Application names are case-sensitive.

key_name (string)

Specifies the name of the key. In the specified file, key names and values are enclosed by angle brackets and paired by an equal sign, one pair per line: <key_name>=<key_value>. Key names are case-sensitive.

Return Value

The KEY function returns a string.

Remarks

Privileged: Yes

LDAP Only: No

Example

Return_value=KEY('application.dat', 'login user')
Return_value='key_value'

More information:

EXISTS Function--Look Up File Name

LCASE Function--Convert to Lowercase

The LCASE function converts any uppercase letters in the specified string to lowercase.

Syntax

The LCASE function has the following format:

LCASE(specified_string)

Parameters

The LCASE function accepts the following parameter:

specified_string (string)

Return Value

The LCASE function returns a string.

Example

Return_value=LCASE('BARRED OWL')
Return_value='barred owl'

More information:

PCASE Function--Convert a String to Proper Case

UCASE Function--Convert to Upper Case

LEFT Function--Return Part of a String

The LEFT function returns a specified number of characters of a string. If the string is shorter than the specified number of characters, the entire string is returned.

Syntax

The LEFT function has the following format:

LEFT(source_string, length)

Parameters

The LEFT function accepts the following parameters:

source_string (string)

length (number)

Return Value

The LEFT function returns a string.

Example

Return_value=LEFT('JuanJuan', 2)
Return_value='Ju'

Return_value=LEFT('JuanJuan', 10)
Return_value=('JuanJuan')

Return_value=LEFT('JuanJuan', 0)
Return_value=''

More information:

MID Function--Return Part of a String

RIGHT Function--Retrieve Characters from a String

LEN Function--Return the Length of a String

The LEN function returns the length of a string.

Syntax

The LEN function has the following format:

LEN(source_string)

Parameters

The LEN function accepts the following parameter:

source_string (string)

Return Value

The function returns a number.

Example

Return_value=LEN("JuanJuan")
Return_value=8

LOG Function--Write a String to a File

The LOG function writes the string argument to the specified file.

Syntax

The LOG function has the following format:

LOG(filename, source_string)

Parameters

The LOG function accepts the following parameters:

filename (string)

source_string (string)

Return Value

The LOG function returns a Boolean, which is always TRUE.

Remarks

Privileged: Yes

Example

Return_value=LOG("auditlog.txt", "Accessing Realm XXX")
Return_value=TRUE

LOOP Function--Call a Virtual Attribute in a Loop

The LOOP function calls the virtual attribute once for each possible number in the loop, starting and ending at the specified values. If the step value is specified, the numbers are incremented by the step value. If the virtual attribute returns a non-blank value, the value is included in the resulting set.

Syntax

The LOOP function has the following format:

LOOP(#virtual_user_attribute, start_value, end_value, [step,] ) 

Parameters

The LOOP function accepts the following parameters:

#virtual_user_attribute (Named Expression)

Name of a defined virtual attribute. The virtual attribute can access the current loop counter by using a reference to %0.

start_value (number)

end_value (number)

step (number)

(Optional) The default is 1. Negative values are allowed.

Return Value

The LOOP function returns a set.

Examples

For these examples assume the virtual user attribute is #Padset := LPAD(%0, 2)

Return_set=LOOP(#Padset ,1, 5)
Return_set="001^002^003^004^005"
Return_set=LOOP(#Padset ,1, 5, 2)
Return_set="001^003^005"
Return_set=LOOP(#Padset ,5, 1, -1)
Return_set="005^004^003^002^001"

More information:

ENUMERATE Function--Test Set Elements

FILTER Function--Test Set Elements

Pasting

LPAD Function--Pad a Source String on the Left

The LPAD function pads a source string on the left with the first character of the specified padding until the resulting string is the specified length.

Syntax

The LPAD function has the following format:

LPAD(source_string, length[, padding])

Parameters

The LPAD function accepts the following parameters:

source_string (string)

This parameter can also be a number; it is automatically converted to a string.

length (number)

The number of characters of the final string.

padding (string)

(Optional) If the padding is more than one character long, only the first character is used. If the padding is zero length, no padding is done. If the source is a string and padding omitted, a space is used for padding. If the source is a number and padding is omitted, a zero is used for padding.

Return Value

The LPAD function returns a string.

Examples

Result_value=LPAD('Juan', 5)
Result_value=' Juan'

Result_value=LPAD('Juan', 5, 'X')
Result_value= 'XJuan'

Result_value=LPAD('Juan', 6, 'XY')
Result_value= 'XXJuan'

Result_value=LPAD(5, 2)
Result_value= '05'

Result_value=LPAD(5, 2, ' ')
Result_value=' 5'

More information:

CENTER Function--Pad a Source String

RPAD Function--Pad a String on the Right

LTRIM Function--Remove Leading Spaces in a String

The LTRIM function returns a string representing the source_string with any leading spaces removed.

Syntax

The LTRIM function has the following format:

LTRIM(source_string)

Parameters

The LTRIM function accepts the following parameter:

source_string (string)

Return Value

The LTRIM function returns a string.

Example

Return_value=LTRIM('  Juan ')
Return_value='Juan '

More information:

RTRIM Function--Remove Trailing Spaces from a String

MAX Function--Determine the Larger of Two Values

The MAX function returns the larger of two numeric arguments.

Syntax

The MAX function has the following format:

MAX(int_1, int_2)

Parameters

The MAX function accepts the following parameters:

int_1 (number)

int_2 (number)

Return Value

The MAX function returns a number.

Example

Return_value=MAX(-2, 4)
Return_value=4

More information:

MIN Function--Determine the Lesser of Two Numbers

MAYBE Function--Report an Indeterminate Result

You can write an expression that tests a condition and calls the function MAYBE if information needed for the test is missing or incomplete. When the expression evaluator encounters MAYBE, it tries to resolve the expression without the needed information. This is only possible when MAYBE is part of a compound expression.

For example, when the operator is AND and one operand is FALSE, the evaluator can determine that the result of the operation is FALSE. When one operand is TRUE and the other operand is undefined or both operands are undefined, the evaluator cannot determine the result of the operation. When both operands are TRUE, the result of the AND operation is TRUE.

AND Operator

True

False

Undefined

True

True

False

Indeterminate

False

False

False

False

Undefined

Indeterminate

False

Indeterminate

Likewise, when the operator is OR and one operand is TRUE, the evaluator can determine that the result of the operation is TRUE. When one operand is FALSE and the other operand is undefined or both operands are undefined, the evaluator cannot determine the result of the operation. When both operands are FALSE, the result of the OR operation is FALSE.

OR Operator

True

False

Undefined

True

True

True

True

False

True

False

Indeterminate

Undefined

True

Indeterminate

Indeterminate

If the evaluator cannot resolve the expression, it stops processing and the specified message is output to the console log or report depending on the context. MAYBE is typically called during role evaluation either in the context of a policy or report generation.

Typically, conditions depend on the time of day or an IP address or the value of a virtual user attribute (specified by the # sign), a user class (specified by the @ sign), a context variable (specified by the % sign), or a user attribute.

Note: In the case of LDAP user directories, the evaluator cannot determine whether a user attribute is defined.

Syntax

The MAYBE function has the following format:

MAYBE(message)

Parameters

The MAYBE function accepts the following parameter:

message (string)

Specifies the information that is missing and needed to evaluate a condition in an expression.

Return Value

The MAYBE function does not return.

Example

VEXIST(%ClientIP) ? #CheckIP : MAYBE('Client IP address is not defined.')
Message Output to the Console Log or Report: 'Client IP address is not defined.'

More information:

THROW Function--Stop Processing and Report Custom Error

MID Function--Return Part of a String

The MID function returns the characters of the source_string starting at the start position (numbered from one) up to the specified length. If no length is specified, the rest of the source_string (after the start position) is returned.

Syntax

The MID function has the following format:

MID(source_string, start[,length])

Parameters

The MID function accepts the following parameters:

source_string (string)

start (number)

length (number) (Optional)

Return Value

The MID function returns a string.

Example

Return_value=MID('JuanJuan', 2, 3)
Return_value='uan'

Return_value=MID('JuanJuan', 2)
Return_value='uanJuan'

More information:

LEFT Function--Return Part of a String

RIGHT Function--Retrieve Characters from a String

MIN Function--Determine the Lesser of Two Numbers

The MIN function returns the lesser of two numeric arguments.

Syntax

The MIN function has the following format:

MIN(int_1, int_2)

Parameters

The MIN function accepts the following parameters:

int_1 (number)

int_2 (number)

Return Value

The MIN function returns a number.

Example

Return_value=MIN(-2, 4)
Return_value=-2

More information:

MAX Function--Determine the Larger of Two Values

MINUTE Function--Return the Minutes Component for a Date

The MINUTE function returns the number representing the minute component for a specified date_time expressed in seconds since January 1, 1970.

Syntax

The MINUTE function has the following format:

MINUTE(date_time)

Parameters

The MINUTE function accepts the following parameter:

date_time (number)

The date in the number of seconds.

Return Value

The MINUTE function returns a number between 0 and 59. If the date_time is invalid, MINUTE returns -1.

MOD Function--Return Division Remainder

The MOD function returns the modulus (remainder) of the division of the first number by the second. If the second number is zero, zero is returned.

Syntax

The MOD function has the following format:

MOD(int_1, int_2) 

Parameters

The MOD function accepts the following parameters:

int_1 (number)

The dividend of the division operation.

int_2 (number)

The divisor of the division operation.

Return Value

The MOD function returns a number.

Example

Return_value=MOD(3, 2)
Return_value=1

Return_value=MOD(6, 3)
Return_value =0

MONTH Function--Return the Month Component of a Date

The MONTH function returns the number representing the month component for a specified date_time expressed in seconds since January1, 1970.

Syntax

The MONTH function has the following format:

MONTH(date_time)

Parameters

The MONTH function accepts the following parameter:

date_time (number)

The date represented in the number of seconds.

Return Value

The MONTH function returns a number between 1 and 12. If the date_number is invalid, MONTH returns -1.

More information:

DAY Function--Return Day of Month

DOW Function--Return Day of Week

DOY Function--Return Day of Year

YEAR Function--Return the Year Component of a Numeric Date

YEAR4 Function--Return the Year Component of a Date (4 digits)

NOTBITS Function--Perform a Bitwise NOT

The NOTBITS function performs a bitwise NOT operation on a number.

Syntax

The NOTBITS function has the following format:

NOTBITS(number)

Parameters

The NOTBITS function accepts the following parameter:

number (number)

Return Value

The NOTBITS function returns a number.

Examples

Return_value=NOTBITS(0)
Return_value=-1

Return_value=NOTBITS(1)
Return_value=-2

More information:

ANDBITS Function--Perform a Bitwise AND Operation

ORBITS Function--Perform a Bitwise OR Operation

XORBITS Function--Perform a Bitwise XOR Operation

NOW Function--Return Current Time in Seconds

The NOW function returns a numeric value representing the number of seconds since January 1, 1970 at the time the function is invoked. The time is local to the current server system.

This value is computed at the beginning of operations in a specific expression. Multiple references to the NOW function within the same expression always have the same result.

Syntax

The NOW function has the following format:

NOW()

Parameters

The NOW function accepts no parameters.

Return Value

The NOW function returns a number.

Example

Return_value=NOW()
Return_value=1024804800

More information:

NOWGMT Function--Return Current Time in Seconds

NOWGMT Function--Return Current Time in Seconds

The NOWGMT function returns a numeric value representing the number of seconds since January 1, 1970 at the time the function is invoked. The time is in the Greenwich (ZULU) time zone.

This value is computed at the beginning of operations in a specific expression. Multiple references to the NOWGMT function within the same expression always have the same result.

Syntax

The NOWGMT function has the following format:

NOWGMT()

Parameters

The NOWGMT function accepts no parameters.

Return Value

The NOWGMT function returns a number.

More information:

NOW Function--Return Current Time in Seconds

NUMBER Function--Convert to a Numeric Value

The NUMBER function converts its argument to a numeric value. Strings are converted up to the first non-digit. Booleans that have a value of TRUE are converted to 1; otherwise, they are converted to zero.

Syntax

The NUMBER function has the following format:

NUMBER(source_string | bool_val)

Parameters

The NUMBER function accepts either of the following parameters:

source_string (string)

bool_val (Boolean)

Return Value

The NUMBER function returns a number.

Example

Return_value=NUMBER('juan')
Return_value=0

Return_value=NUMBER('45juan')
Return_value=45

Return_value=NUMBER(TRUE)
Return_value=1

More information:

BOOLEAN Function--Convert to "TRUE" or "FALSE"

STRING Function--Convert to a String

ORBITS Function--Perform a Bitwise OR Operation

The ORBITS function performs a bitwise OR operation on its two arguments.

Syntax

The ORBITS function has the following format:

ORBITS(int_1, int_2)

Parameters

The ORBITS function accepts the following parameters:

int_1 (number)

int_2 (number)

Return Value

The ORBITS function returns a number.

Examples

Result_value=ORBITS(6, 1)
Result_value=7

Result_value=ORBITS(7, 8)
Result_value=15

More information:

ANDBITS Function--Perform a Bitwise AND Operation

XORBITS Function--Perform a Bitwise XOR Operation

NOTBITS Function--Perform a Bitwise NOT

PARENTDN Function--Retrieve Parent in LDAP Tree

The PARENTDN function returns the next level up in the LDAP Directory Information Tree above the specified distinguished name (DN). If the specified DN is invalid, or is already at the top of the tree, a blank string is returned.

Syntax

The PARENTDN function has the following format:

PARENTDN(source_string)

Parameters

The PARENTDN function accepts the following parameters:

source_string (string)

The LPAP distinguished name (DN).

Return Value

The PARENTDN function returns a string.

Remarks

LDAP Only: Yes

Example

Return_value=PARENTDN("uid=juan,o=NDS.com")
Return_value="o=NDS.com"

Return_value=PARENTDN("o=NDS.com")
Return_value=""

More information:

COMMONDN Function--Find a Common Root

EXPLODEDN Function--Convert LDAP DN to Set

RDN Function--Retrieve First Component of LDAP DN

RELATIONDN Function--Compare Two Distinguished Names

PCASE Function--Convert a String to Proper Case

The PCASE function converts the specified string to proper case (initial capital letters).

Syntax

The PCASE function has the following format:

PCASE(source_string)

Parameters

The PCASE function accepts the following parameters:

source_string (string)

Return Value

The PCASE function returns a string.

Example

Return_value=PCASE("framingham, mass")
Return_value="Framingham, Mass")

More information:

LCASE Function--Convert to Lowercase

UCASE Function--Convert to Upper Case

QS Function--Retrieve Items from a Query String

The QS function retrieves items from the query string associated with the resource being accessed by the user when the expression is evaluated.

If no arguments are supplied to this function, the entire query string (and only the query string) is returned. The query string is returned unchanged.

If the string argument is supplied as a blank string (“”), then all of the arguments in the query string that are unnamed are returned. If multiple values exist, they are returned as a set.

If the string argument is supplied as a non-blank string, all of the arguments in the query string that are named with a matching name are returned. Case-sensitivity is controlled by the optional Boolean flag. If multiple values exist, they are returned as a set.

Syntax

The QS function has the following format:

QS([input_string,][ not_case_sensitive])

Parameters

The QS function accepts the following optional parameters:

input_string (string)

(Optional) Name of an argument in the query string.

not_case_sensitive (Boolean)

(Optional) If the not_case_sensitive flag is set to FALSE or omitted, the function searches the query string for an exact match. If the not_case_sensitive flag is set to TRUE, the function ignores case.

Return Value

The QS function returns a string.

Example

Assume this resource: http://myserver.com/index.jsp?Test=A&X&TEST=D&c&Dbg

Return_value=QS()
Return_value='Test=A&X&TEST=D&c&Dbg'

Return_value=QS("")
Return_value='X^c'

Return_value=QS("Test")
Return_value= 'A^D'

Return_value=QS("Test", false)
Return_value= 'A'

"Dbg" IN QS("")
Return_value=TRUE

More information:

URL Function--Returns a Component of a URL String

RDN Function--Retrieve First Component of LDAP DN

The RDN function returns the first component of the specified LDAP Distinguished Name (DN). If the optional Boolean argument is TRUE (the default), the attribute name is removed and only the value is returned.

If the specified DN is invalid, a blank string is returned. This function does not call any LDAP server.

Syntax

The RDN function has the following format:

RDN(DN_string[, remove_name])

Parameters

The RDN function accepts the following parameters:

DN_string (string)

LDAP Distinguished Name

remove_name

(Optional) When set to TRUE (the default), the attribute name is removed from the returned string. When set to FALSE, the attribute is included in the returned string.

Return Value

The RDN function returns a string.

Remarks

LDAP Only: Yes

Example

Return_value=RDN("uid=juan,o=NDS.com")
Return_value="juan"

Return_value=RDN("uid=juan,o=NDS.com", TRUE)
Return_value="juan"

Return_value=RDN("uid=juan,o=NDS.com", FALSE)
Return_value="uid=juan"

More information:

COMMONDN Function--Find a Common Root

PARENTDN Function--Retrieve Parent in LDAP Tree

EXPLODEDN Function--Convert LDAP DN to Set

RELATIONDN Function--Compare Two Distinguished Names

RELATIONDN Function--Compare Two Distinguished Names

The RELATIONDN function compares the two specified LDAP distinguished names (DNs) and returns a string indicating the relationship between them.

If either of the two DNs is invalid, or the two DNs are completely unrelated, a blank string is returned.

If the two DNs are related, the difference in levels (of the Directory Information Tree) is returned as a string. If the first DN is the ancestor of the second, the number is positive. If the first DN is a descendent of the second, the number is negative. If the two DNs are equal or siblings, the return is 0 (indicating no levels).

Note: This function does not call any LDAP server functions.

Syntax

The RELATIONDN function has the following format:

RELATIONDN(dn_1, dn_2)

Parameters

The RELATIONDN function accepts the following parameters:

dn_1 (string)

dn_2 (string)

Return Value

The RELATIONDN function returns a string.

Remarks

LDAP Only: Yes

Example

Return_value=RELATIONDN("uid=eric,o=NDS.com", "o=NDS.com")
Return_value="-1"

Return_value=RELATIONDN("o=NDS.com", "uid=eric,o=NDS.com")
Return_value="1"

Return_value=RELATIONDN("uid=dave,o=NDS.com", "uid=eric,o=NDS.com")
Return_value="0"

Return_value=RELATIONDN("uid=dave,o=XYZ.com", "uid=eric,o=NDS.com")
Return_value=""

More information:

COMMONDN Function--Find a Common Root

PARENTDN Function--Retrieve Parent in LDAP Tree

EXPLODEDN Function--Convert LDAP DN to Set

RDN Function--Retrieve First Component of LDAP DN

RIGHT Function--Retrieve Characters from a String

The RIGHT function returns the specified number of characters from the end of a string. If the string is shorter than the number, the entire string is returned.

Syntax

The RIGHT function has the following format:

RIGHT(source_string, length)

Parameters

The RIGHT function accepts the following parameters:

source_string (string)

length (number)

Number of characters to extract, counting from the end of the string.

Return Value

The RIGHT function returns a string.

Example

Return_value=RIGHT('JuanJuan', 2)
Return_value='an'

Return_value=RIGHT('JuanJuan', 10)
Return_value='JuanJuan'

Return_value=RIGHT('JuanJuan', 0)
Return_value=''

More information:

LEFT Function--Return Part of a String

MID Function--Return Part of a String

RPAD Function--Pad a String on the Right

The RPAD function adds the first character of the specified padding to the end of the string until the source string becomes the specified length.

If the padding is more than one character long, only the first character is used. If the padding is zero length, no padding is added.

If the source is a string, and the padding is not specified, a space is used for padding. If the source is a number and padding is not specified, a zero is used for padding.

Syntax

The RPAD function has the following format:

RPAD(source_string|number, length[, padding]) 

Parameters

The RPAD function accepts the following parameters:

source_string (string)

This parameter can be a number; it is converted to a string.

length (number)

padding (string)

(Optional)

Return Value

The RPAD function returns a string.

Example

Return_value=RPAD('Juan', 5)
Return_value='Juan '

Return_value=RPAD('Juan', 5, 'X')
Return_value='JuanX'

Return_value=RPAD('Juan', 6, 'XY')
Return_value='JuanXX'

Return_value=RPAD(5, 2)
Return_value='50'

Return_value=RPAD(5, 2, ' ')
Return_value='5 '

More information:

CENTER Function--Pad a Source String

LPAD Function--Pad a Source String on the Left

RPT Function--Repeat a String

The RPT function returns a string that repeats a source string the specified number of times.

Syntax

The RPT function has the following format:

RPT(source_string|number, repeat_count)

Parameters

The RPT function accepts the following parameters:

source_string (string)

This parameter can be a number; it is converted to a single character.

repeat_count (string)

Return Value

The RPT function returns a string.

Example

Return_value=RPT('Juan', 3)
Return_value='JuanJuanJuan')

Return_value=RPT('*', 10)
Return_value="**********')

RTRIM Function--Remove Trailing Spaces from a String

The RTRIM function eliminates trailing spaces from a source string and returns the result.

Syntax

The RTRIM function has the following format:

RTRIM(source_string)

Parameters

The RTRIM function accepts the following parameter:

source_string (string)

Return Value

The RTRIM function returns a string.

Example

Return_value=RTRIM(' JuanJuan  ' )
Return_value=' JuanJuan'

More information:

LTRIM Function--Remove Leading Spaces in a String

SECOND Function--Return the Number of Seconds in a Date

The SECOND function returns a value that represents the seconds component of a date expressed as the number of seconds since January 1, 1970.

Syntax

The SECOND function has the following format:

SECOND(date_time)

Parameters

The SECOND function accepts the following parameter:

date_time (number)

The number of seconds.

Return Value

The SECOND function returns a number from 0 to 59.

More information:

MINUTE Function--Return the Minutes Component for a Date

SET Function--Set the Value of an Attribute

The SET function assigns a specified value to a specified attribute. Multiple values are specified for multi-valued attributes by a set. This function works for all User Directories supported by CA SiteMinder®.

The SET function returns TRUE if CA SiteMinder® returns success on the modification.

If the attribute is not visible to CA SiteMinder®, the function fails. The attribute may not be visible due to security reasons (security in the User Directory) or, in the case of ODBC directories, because it is not in the configured Query or not an attribute listed in the Set Properties setting of the CA SiteMinder® Query Scheme.

Syntax

The SET function has the following format:

SET(attr_name, value)

Parameters

The SET function accepts the following parameters:

attr_name (string)

value (string)

Specifies one or more values. Multiple values are separated by the caret character.

Return Value

The SET function returns a Boolean.

Remarks

Privileged: Yes

Example

Return_value=SET("Retries", STRING(NUMBER(Retries) + 1))

More information:

GET Function--Locate Attributes in a User Directory

SIGN Function--Return the Sign of a Number

The SIGN function accepts a number. If the number is negative, SIGN returns a negative one. If the number is zero, SIGN returns a zero. If the number is positive, SIGN returns a positive one.

Syntax

The SIGN function has the following format:

SIGN(number)

Parameters

The SIGN function accepts the following parameter:

number (number)

Return Value

The SIGN function returns a number: -1, 0, or +1.

Example

Return_value=SIGN(-40)
Return_value=-1

Return_value=SIGN(0)
Return_value=0

Return_value=SIGN(999)
Return_value=1

SORT Function--Sort a Set

The SORT function sorts a specified set. Case sensitivity is specified by an optional Boolean parameter. Duplicate items are eliminated from the resulting set.

Syntax

The SORT function has the following format:

SORT(source_set[, not_case_sensitive]

Parameters

The SORT function accepts the following parameters:

source_set (string)

Set to be sorted.

not_case_sensitive (Boolean)

(Optional) If this parameter is omitted or set to FALSE, the sort treats entries as identical unless the cases are different. If this parameter is set to TRUE, the sort ignores case.

Return Value

The SORT function returns a set.

Examples

Return_value=SORT("Eric^Bart^Chuck^BART^Chuck") Return_value="BART^Bart^Chuck^Eric"

Return_value=SORT("Eric^Bart^Chuck^BART^Chuck", FALSE) Return_value="BART^Bart^Chuck^Eric"

Return_value=SORT("Eric^Bart^Chuck^BART^Chuck", TRUE) Return_value="Bart^Chuck^Eric"

SPACE Function--Return a String of Spaces

The SPACE function returns a string that consists of the specified number of spaces.

Syntax

The SPACE function has the following format:

SPACE(repeat_count)

Parameters

The SPACE function accepts the following parameters:

repeat_count (number)

The number of spaces to include in the string.

Return Value

The SPACE function returns a string.

Example

Return_value=SPACE(3) Return_value='   '

Return_value=SPACE(10) Return_value="          "

STRING Function--Convert to a String

The STRING function converts a number or Boolean into a string value.

Syntax

The STRING function has the following format:

STRING(num_value|bool_value)

Parameters

The STRING function accepts either one of these parameters:

num_value (number)

bool_value (Boolean)

Return Value

The STRING function returns a string.

Example

Return_value=STRING(TRUEVAL)
Return_value="TRUE"

Return_value=STRING(123)
Return_value='123'

More information:

BOOLEAN Function--Convert to "TRUE" or "FALSE"

NUMBER Function--Convert to a Numeric Value

THROW Function--Stop Processing and Report Custom Error

You can write an expression that tests for an error and if an error has occurred, calls THROW, passing a custom error message. When the expression evaluator encounters THROW, it stops processing the expression and outputs the custom error message to the console log.

Syntax

The THROW function has the following format:

THROW(error_message)

Parameters

The THROW function accepts the following parameter:

error_message (string)

Specifies the custom error message that is output to the console log.

Return Value

The THROW function does not return.

Example

EXISTS('MyFile') ? #Process('MyFile') : THROW('File does not exist.')
Message Output to the Console Log: 'File does not exist.'

VEXIST(#Sortname) ? #Sortname : THROW('Sortname is not defined.')
Message Output to the Console Log: 'Sortname is not defined.'

More information:

MAYBE Function--Report an Indeterminate Result

TRACE Function--Write Trace Entry to Console Log

The TRACE function writes the string argument to the CA SiteMinder® Console Log as a trace entry.

Syntax

The TRACE function has the following format:

TRACE(source_string)

Parameters

The TRACE function accepts the following parameter:

source_string (string)

Return Value

The TRACE function returns a Boolean, always TRUE.

Remarks

Priviledged: Yes

Example

Return_value=TRACE("Executing Code")
Return_value=TRUE

More information:

ERROR Function--Write Error Message to Console Log

INFO Function--Write INFO Message to Console Log

WARNING Function--Write WARNING Message to Console Log

TRANSLATE Function--Replace String Value

The TRANSLATE function replaces all occurrences of one string found within a second string with a third string. The search is case-sensitive unless the optional Boolean is set to TRUE.

Syntax

The TRANSLATE function has the following format:

TRANSLATE(source_string, search_string, replace_string[, not_case_sensitive])

Parameters

The TRANSLATE function accepts the following parameters:

source_string (string)

search_string (string)

replace_string (string)

not_case_sensitive (Boolean)

(Optional) If this parameter is not set or set to FALSE, case is considered in the search. If set to TRUE, case is ignored.

Return Value

The TRANSLATE function returns a string.

Example

Return_value=TRANSLATE('Eric','r','x')
Return_value='Exic'

Return_value=TRANSLATE('Eric','ri','x')
Return_value='Exc'

Return_value=TRANSLATE('Eric','r','xy')
Return_value='Exyic'

Return_value=TRANSLATE('Eric','R','x')
Return_value='Eric'

Return_value=TRANSLATE('Eric','R','x',TRUE)
Return_value= 'Exic'

UCASE Function--Convert to Upper Case

The UCASE function converts the source string to upper case.

Syntax

The UCASE function has the following format:

UCASE(source_string)

Parameters

The UCASE function accepts the following parameter:

source_string (string)

Return Value

The UCASE function returns a string.

Example

Return_value=UCASE('framingham, mass')
Return_value='FRAMINGHAM, MASS'

More information:

PCASE Function--Convert a String to Proper Case

LCASE Function--Convert to Lowercase

URL Function--Returns a Component of a URL String

The URL function parses the supplied URL (or path) and returns the specified component. This function ignores characters that are URL-encoded.

Note: The URL function only parses strings that use slashes, not backslashes. If you are using a system running Windows, use the TRANSLATE function to convert backslashes to slashes.

Syntax

The URL function has the following format:

URL(url_string, component)

Parameters

The URL function accepts the following parameters:

url_string (string)

The URL or path must be specified following this format:

[<protocol>:][//][<user>[:<password>]@]<server>[:<port#>] [[/<directory>]/[<file>]][?<querystring>]

component (string)

Component names are not case-sensitive. You can specify any of the following components:

Return Value

The URL function returns a string.

Examples

Return_value=URL("http://www.myserver.com:8080/app1/xyzzy.jsp?id=12", "PROTOCOL")
Return_value="http:"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "USER")
Return_value="joe"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "PASSWORD")
Return_value="dog"

Return_value=URL("http://www.myserver.com:8080/app1/xyzzy.jsp?id=12", "SERVER")
Return_value="www.myserver.com"

Return_value=URL("http://www.myserver.com:8080/app1/xyzzy.jsp?id=12", "PORT")
Return_value="8080"

Return_value=URL("http://www.myserver.com:8080/app1/xyzzy.jsp?id=12", "DOMAIN")
Return_value="myserver.com"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "URI")
Return_value="/dir1/xyzzy.zip"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "PATH")
Return_value="/dir1/xyzzy.zip"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "DIRECTORY")
Return_value="/dir1"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "FILENAME")
Return_value="xyzzy.zip"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "BASENAME")
Return_value="xyzzy"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "EXTENSION")
Return_value="zip"

Return_value=URL("ftp://joe:dog@ftp.myserver.com/dir1/xyzzy.zip", "QUERYSTRING")
Return_value=""

Return_value=URL("http://www.myserver.com:8080/app1/xyzzy.jsp?id=12", "QUERYSTRING")
Return_value="id=12"

More information:

QS Function--Retrieve Items from a Query String

URLDECODE Function--Decode a URL String

The URLDECODE function decodes the specified URL string.

Syntax

The URLDECODE function has the following format:

URLDECODE(url)

Parameters

The function accepts the following parameter:

url (string)

Return Value

The URLDECODE function returns a string.

Example

Return_value=URLDECODE("Framingham%2C+Mass")
Return_value="Framingham, Mass"

More information:

URLENCODE Function--Encode a String

URLENCODE Function--Encode a String

The URLENCODE function encodes the passed-in string to URL format.

Syntax

The URLENCODE function has the following format:

URLENCODE(source_string)

Parameters

The URLENCODE function accepts the following parameter:

source_string (string)

Return Value

The URLENCODE function returns a string.

Example

Return_value=URLENCODE('Framingham, Mass') Return_value='Waltham%2C+Mass'

More information:

URLDECODE Function--Decode a URL String

VEXIST Function--Is the Parameter Defined?

The VEXIST function accepts a named expression, a context variable, or user attribute and determines whether it is defined. If defined, VEXIST returns TRUE. If not, VEXIST returns FALSE.

Note: In the case of LDAP user directories, CA SiteMinder® cannot determine whether a user attribute is defined and returns FALSE.

Syntax

The VEXIST function has the following format:

VEXIST(#virtual_user_attribute | @user_class | %context_variable | user_attribute_name | user_attribute_string)

Parameters

The VEXIST function accepts one of the following parameters:

#virtual_user_attribute (named expression)

Specifies a named expression that calculates a user attribute.

@user_class (named expression)

Specifies a named expression that tests for membership in a user directory or group.

%context_variable (context variable)

Specifies a context variable.

user_attribute_name (unquoted string)

Specifies a single user attribute.

user_attributes_string (string)

Specifies a string of user attribute names separated by a character.

Return Value

The VEXIST function returns a Boolean.

Example

Return_value=VEXIST(#Age)
Return_value=TRUE

Return_value=VEXIST(@IsDolphin)
Return_value=FALSE

Return_value=VEXIST(%ClientIP)
Return_value=TRUE

Return_value=VEXIST(givenname)
Return_value=FALSE

Return_value=VEXIST('last,first')
Return_value=TRUE

WARNING Function--Write WARNING Message to Console Log

The WARNING function writes the string argument to the CA SiteMinder® Console Log as a warning message.

Syntax

The WARNING function has the following format:

WARNING(source_string)

Parameters

The WARNING function accepts the following parameter:

source_string (string)

Return Value

The WARNING function returns a Boolean, always TRUE.

Example

Return_value=WARNING("Buffer Full")
Return_value=TRUE

More information:

ERROR Function--Write Error Message to Console Log

TRACE Function--Write Trace Entry to Console Log

INFO Function--Write INFO Message to Console Log

XORBITS Function--Perform a Bitwise XOR Operation

The XORBITS function performs a bitwise XOR operation on its two arguments.

Syntax

The XORBITS function has the following format:

XORBITS(num_1,num_2)

Parameters

The XORBITS function accepts the following parameters:

num_1 (number)

num_2 (number)

Return Value

The XORBITS function returns a number.

Example

Return_value=XORBITS(7, 2)
Return_value=5

Return_value=XORBITS(7, 15)
Return_value=8

More information:

ANDBITS Function--Perform a Bitwise AND Operation

ORBITS Function--Perform a Bitwise OR Operation

NOTBITS Function--Perform a Bitwise NOT

YEAR Function--Return the Year Component of a Numeric Date

The YEAR function returns a number that indicates the year component of a date in seconds since January 1, 1970.

Syntax

The YEAR function has the following format:

YEAR(date_time)

Parameters

The YEAR function accepts the following parameter:

date_time (number)

The date represented in seconds.

Return Value

The YEAR function returns a number between 70 and 138.

More information:

YEAR4 Function--Return the Year Component of a Date (4 digits)

YEAR4 Function--Return the Year Component of a Date (4 digits)

The YEAR4 function returns the four-digit year component of a date expressed in seconds since January 1, 1970.

Syntax

The YEAR4 function has the following format:

YEAR4(date_time)

Parameters

The YEAR4 function accepts the following parameters:

date_time (number)

Return Value

The YEAR4 function returns a returns a number between 1970 and 2038.

More information:

YEAR Function--Return the Year Component of a Numeric Date